3.1 Planning Your Novell Messenger System

The Messenger Installation program helps you install and set up your Messenger system. The Installation program also provides information to guide you through the process.

Review the following sections while filling out Section 3.5, Novell Messenger Worksheet. The worksheet lists all the information you are prompted for as you run the Installation program.

3.1.1 Determining Installation Locations

The Installation program prompts you for information about the eDirectory tree where you will create Messenger objects and the network server locations where you will create Messenger directories and install files. The following sections prepare you to supply the required information:

eDirectory

Messenger is administered through eDirectory, the Novell directory service. All Messenger components and users are configured through objects in eDirectory. You need to make sure that you have eDirectory installed in your environment. See Novell Messenger Hardware and Software Requirements for more information.

Extending the eDirectory Tree’s Schema

The Installation program must extend the schema of the eDirectory tree where you are going to create your Messenger system. Because all objects in a Messenger system must reside in the same eDirectory tree, only one tree needs to be extended.

WORKSHEET

Under Item 4: Tree Name, enter the eDirectory tree where you will create the Messenger objects.

ConsoleOne

Messenger administration is performed through ConsoleOne. When you install Messenger, the Messenger snap-in files are copied into an existing ConsoleOne installation. The Messenger snap-in files extend the functionality of ConsoleOne to let you administer Messenger. ConsoleOne considerations differ by platform:

  • NetWare and Windows: For a Messenger system on NetWare or Windows, you need to decide which ConsoleOne location you want to use to administer Messenger. This can be a ConsoleOne location on a network server or it can be on a local workstation. ConsoleOne 1.3.6 is included in the downloaded Novell Messenger 2.1 image, so you can update your ConsoleOne installation if necessary. If you plan to use ConsoleOne on a local workstation, you need to perform the Messenger installation from that workstation.

  • Linux: If you will be administering a Messenger system on Linux, ConsoleOne must be installed before you set up Messenger. GroupWise 8 for Linux includes eDirectory 8.8.3 for Solaris, Linux, and AIX, from which you can install ConsoleOne. ConsoleOne is typically installed to /usr/ConsoleOne. Make sure that ConsoleOne is installed on the Linux server where you plan to create your Messenger system.

WORKSHEET

Under Item 14: Admin Configuration, indicate whether or not you need to update your ConsoleOne installation and specify the path to the ConsoleOne software directory.

After your initial Messenger installation, you can install ConsoleOne and the Messenger snap-in to additional locations as needed.

3.1.2 Planning Your Novell Messenger System

Your Novell Messenger system is a collection of eDirectory objects to which the Messenger agents need access. In addition, the Messenger agents need access to all User objects that will be included in your Messenger system. The following sections help you decide how to implement your Messenger system in eDirectory:

Messenger System Location

You can create your Messenger system in any context in your eDirectory tree, except at the root of the tree. Within the Messenger system container you will have server, agent, policy, scope profile, LDAP profile, host, and chat objects.

The default name of the object that represents your Messenger system is MessengerService. The default object name for the server where you install the Messenger agents is the server’s DNS hostname with SERVER appended to it. You can change these object names, if necessary.

WORKSHEET

Under Item 5: Messenger System Context, specify the eDirectory context where you want to create your Messenger system. Make sure that the context exists in your eDirectory tree.

Under Item 6: Messenger System Objects, provide alternate names for the Messenger system and server objects if you do not want to use the default names.

After you have completed installation of your Messenger system, the following structure is created in eDirectory:

Figure 3-1 Messenger Service Container and Contents

These objects are explained in Understanding Your Novell Messenger System in the Novell Messenger 2.1 Administration Guide.

Messenger User Locations

The Messenger agents scan eDirectory to obtain information about users. During installation, you can specify one or more eDirectory contexts where User objects are located. You can include subcontexts if necessary. The list of contexts you supply establishes the initial scope of your Messenger system.

User objects located in those contexts are considered part of your Messenger system and their associated users can communicate with each other by using the Messenger client. User objects located outside those contexts are not considered part of your Messenger system and their associated users cannot use Messenger.

NOTE: GroupWise External Entity objects are not treated as User objects and are not considered part of your Messenger system.

WORKSHEET

Under Item 11: User Configuration, list the eDirectory contexts where User objects are located and mark whether you want to include subcontexts.

On Linux, you cannot automatically include subcontexts during installation. You must list each subcontext separately or use ConsoleOne after installation to include subcontexts, as described in Editing the Default Scope Profile to Include Additional eDirectory Users in Managing Messenger Client Users in the Novell Messenger 2.1 Administration Guide.

Using the information you provide during installation, the Installation program creates a Scope Profile object in your Messenger system. When you view the properties of this object in the tree, you see the contexts you specified during installation. You can change the scope of your Messenger system as needed after installation, as described in Adding Users to Your Messenger System in Managing Messenger Client Users in the Novell Messenger 2.1 Administration Guide.

eDirectory Access and Authentication

Messenger is a directory-based application. Messenger agent configuration information, user information, and settings are stored in eDirectory. You can choose between two different methods of eDirectory access:

  • Direct Access: The Messenger agents can log directly into eDirectory to obtain the information they need. An advantage of direct access is fast access to a local eDirectory replica.

  • LDAP Access: The Messenger agents can be configured to access eDirectory through an LDAP server. Advantages of LDAP access include running the NetWare agents in protected mode and providing secure access to a remote eDirectory replica through SSL encryption.

WORKSHEET

Under Item 9: Directory Access, mark whether you want the Messenger agents to use direct access or LDAP access to eDirectory.

If you are installing the Messenger agents on a Windows or Linux server, specify the IP address of an eDirectory replica. You can use only an IPv4 address for the eDirectory replica. If you are installing the Messenger agents on a NetWare server, you do not need to specify this information because there is an eDirectory replica on the NetWare server.

If you want to use LDAP access, specify the hostname and port number where the Messenger agents can communicate with the LDAP server. The default port number is 389 for non-SSL and 636 for SSL.

The initial eDirectory access method that you set up during installation determines how Messenger agents access eDirectory to obtain their configuration information and how the Messaging Agent accesses eDirectory on behalf of Messenger users when they log in to Messenger, search for contacts, establish conversations, and so on. Additional directory access alternatives can be configured after installation, as described in Customizing eDirectory Access for Users in the Novell Messenger 2.1 Administration Guide.

During installation, you must provide an eDirectory username and password for the Messenger agents to use when accessing eDirectory. The simplest approach is to let them log in as an Admin equivalent user.

If you do not want to let the Messenger agents log into eDirectory as an Admin equivalent user, you must set up an eDirectory user that meets specific requirements. The user must:

  • Be visible to the Messenger agents using the eDirectory access method you have selected (direct or LDAP)

  • Be a trustee of your Messenger system object (MessengerService, by default) and have the following rights as a trustee in order to access the Messenger agent objects:

    Property: Rights

    • [All Attribute Rights]: Compare, Read, and Write; Inheritable

    • [Entry Rights]: Browse, Create, Rename, and Delete; Inheritable

  • Be a trustee of the eDirectory tree object or of the highest-level container object that contains all User objects that will be part of your Messenger system, and have the following rights as a trustee in order to access User objects:

    Property: Rights

    • [All Attribute Rights]: Compare, Read, and Write; Inheritable

    • [Entry Rights]: Browse; Inheritable

    • nnmBlocking, nnmBlockingAllowList, nnmBlockingDenyList, nnmClientSettings, nnmContactList, nnmCustomStatusList, nnmLastLogin: Compare, Read, and Write; Inheritable

Without sufficient rights to the Messenger system object, the Messenger agents cannot access their configuration information in eDirectory. Without sufficient rights to User objects, the Messaging Agent cannot access users’ contact lists, Messenger client settings, and other user-specific information.

WORKSHEET

Under Item 10: Directory Authentication, supply the username and password that the Messenger agents can use to authenticate to eDirectory with the required rights.

For step-by-step instructions on setting up the required rights, see Assigning Required Rights for eDirectory Access in Managing Messenger Client Users in the Novell Messenger 2.1 Administration Guide.
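A planning aid for Items 10 and 11, added here as an example and not part of the Novell documentation: it reports which User objects fall inside the scope you list and the deepest container that still holds every listed context, which is the narrowest place the agents' trustee assignment can go. The sample names are constructed, and escaped dots in object names are not handled.

```python
def parts(name):
    """Split a dot-delimited eDirectory name into lowercase components,
    leftmost (most specific) first. Escaped dots are not handled."""
    return [p.strip().lower() for p in name.strip(". ").split(".") if p.strip()]

def in_scope(user_dn, scope):
    """True if the User object's container is a listed context, or lies below
    a context whose include-subcontexts flag is set (Item 11)."""
    container = parts(user_dn)[1:]            # drop the user's own component
    for context, include_sub in scope:
        ctx = parts(context)
        if not ctx:
            continue
        if container == ctx:
            return True
        # Compare whole components, never raw string suffixes.
        if include_sub and len(container) > len(ctx) and container[-len(ctx):] == ctx:
            return True
    return False

def out_of_scope(users, scope):
    """Users who will not be able to use Messenger with this scope."""
    return [u for u in users if not in_scope(u, scope)]

def trustee_container(scope):
    """Deepest container holding every listed context. An empty string means
    only the tree object covers them all."""
    reversed_ctx = [parts(c)[::-1] for c, _ in scope]   # root-most component first
    common = []
    for level in zip(*reversed_ctx):
        if len(set(level)) != 1:
            break
        common.append(level[0])
    return ".".join(reversed(common))

# Constructed sample data (not from the page).
SCOPE = [("ou=sales.o=example", True), ("ou=eng.o=example", False)]
USERS = ["cn=ann.ou=sales.o=example", "cn=bob.ou=emea.ou=sales.o=example",
         "cn=cy.ou=eng.o=example", "cn=dee.ou=lab.ou=eng.o=example",
         "cn=eve.ou=hr.o=example"]

if __name__ == "__main__":
    print("Not in scope:", out_of_scope(USERS, SCOPE))
    print("Trustee assignment at:", trustee_container(SCOPE) or "tree object")
```

On Linux, where subcontexts cannot be included during installation, pass `False` for every context to see who is left out until the Scope Profile is edited.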

Messenger System Security

By default, communication between the Messenger agents and eDirectory, between the Messaging Agent and Messenger clients, and between the Messaging Agent and the Archive Agent is not secure. Information obtained from eDirectory, messages passing between Messenger users, and messages passing from the Messaging Agent to the Archive Agent are not encrypted. Messages stored in the Messenger archive are encrypted by the Archive Agent as they are archived.

If you want to enable SSL encryption between the Messenger agents and eDirectory, you must use LDAP access, not direct access, to eDirectory. The Messenger agents must communicate with the LDAP server on the LDAP SSL port of 636, rather than on the default LDAP port of 389.

For additional security between the Messenger agents and eDirectory when using LDAP access, you can reference the root certificate for the server where the eDirectory replica accessed by the agents is located. Typically, the root certificate is named rootcert.der. On a NetWare server, it is located in sys:\public. On a Linux or Windows server, it is exported to a user-specified location after installation of eDirectory.

IMPORTANT: If you do not specify a root certificate, your LDAP server must be configured to accept clear text passwords. Root certificates can be exported from ConsoleOne at any time after eDirectory is installed.

In order to enable SSL encryption between the Messaging Agent and Messenger clients and between the Messaging Agent and the Archive Agent, you must have a public certificate file and a private key available on your system.

WORKSHEET

Under Item 9: Directory Access, specify 636 as the LDAP port number and, if desired, provide the full path to the root certificate.

Under Item 15: Security Configuration, specify the full path to the public certificate file, your private key file (if separate from the certificate file), and the private key password.

If you are not already familiar with SSL, or if SSL is not already set up on your system, you can add SSL security to your Messenger system after installation, as described in Establishing Messaging Security with SSL Encryption in Managing the Messaging Agent in the Novell Messenger 2.1 Administration Guide.
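The security-relevant worksheet choices from this section can be checked before you run the Installation program. The following is an added example, not Novell code: the dictionary field names and both sample plans are hypothetical, and treating "[Root]" as the name of the tree root is an assumption.

```python
import ipaddress

def ip_version(value):
    """Return 4 or 6 for an IP literal, None for a hostname or empty value."""
    try:
        return ipaddress.ip_address(value).version
    except ValueError:
        return None

def audit_worksheet(ws):
    """Return (worksheet item, finding) pairs for a planned install."""
    out = []
    # Item 5: any context is allowed except the root of the tree
    # ("[Root]" as the root's name is an assumption of this example).
    if ws.get("system_context", "").strip().lower() in ("", "[root]"):
        out.append(("Item 5", "system context is missing or is the root of the tree"))
    # Item 9: only LDAP access on port 636 encrypts agent-to-eDirectory traffic.
    access = ws.get("directory_access")
    if access == "direct":
        out.append(("Item 9", "direct access: no SSL between agents and eDirectory"))
    elif access == "ldap":
        if ws.get("ldap_port", 389) != 636:
            out.append(("Item 9", "LDAP port is not the SSL port 636"))
        if not ws.get("root_certificate"):
            out.append(("Item 9", "no root certificate: LDAP server must accept clear text passwords"))
    else:
        out.append(("Item 9", "directory access method not selected"))
    # Item 9: a replica address, when given, must be an IPv4 literal.
    if ws.get("replica_ip") and ip_version(ws["replica_ip"]) != 4:
        out.append(("Item 9", "eDirectory replica address is not IPv4"))
    # Item 10: Admin equivalence is broader than the trustee rights listed above.
    if ws.get("agent_user_admin_equivalent"):
        out.append(("Item 10", "agents log in as an Admin equivalent user"))
    # Item 12: IPv6 agents need a DNS hostname; the two agents need distinct ports.
    if ip_version(ws.get("server_address", "")) == 6:
        out.append(("Item 12", "IPv6 literal given: use the DNS hostname"))
    if ws.get("messaging_port", 8300) == ws.get("archive_port", 8310):
        out.append(("Item 12", "Messaging Agent and Archive Agent share a port"))
    # Item 15: without a certificate, client and Archive Agent links stay unencrypted.
    if not ws.get("public_certificate"):
        out.append(("Item 15", "no public certificate: client and archive links unencrypted"))
    return out

# Constructed sample plans (field names and values are hypothetical).
WEAK_PLAN = {"system_context": "[Root]", "directory_access": "ldap", "ldap_port": 389,
             "replica_ip": "fd00::10", "agent_user_admin_equivalent": True,
             "server_address": "fd00::20", "messaging_port": 8300, "archive_port": 8300}
HARDENED_PLAN = {"system_context": "ou=im.o=example", "directory_access": "ldap",
                 "ldap_port": 636, "root_certificate": "/certs/rootcert.der",
                 "replica_ip": "192.0.2.10", "agent_user_admin_equivalent": False,
                 "server_address": "im.example.com", "messaging_port": 8300,
                 "archive_port": 8310, "public_certificate": "/certs/messenger.crt"}

if __name__ == "__main__":
    for item, finding in audit_worksheet(WEAK_PLAN):
        print(item, "-", finding)
```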

3.1.3 Planning the Novell Messenger Agents

Your Novell Messenger system can include two agents:

  • Messaging Agent: Your Messenger system requires one Messaging Agent. The Messenger client communicates with the Messaging Agent for messaging, presence, and searching for users to add to the Messenger Contact List. The Messaging Agent also manages the queue for archiving conversations.

  • Archive Agent: If you want to enable archiving, your Messenger system requires one Archive Agent. The Archive Agent archives conversations, indexes conversations, and performs searches on the archive when contacted by an authorized Messenger user.

The following sections prepare you to supply the information required when installing the Messenger agents. Depending on the operating system you are installing to, some of these options might not apply:

Agent Platform

The agents are available as NetWare NLM programs, Linux executables, and Windows executables.

WORKSHEET

Under Item 1: Server Information, mark the type of agents (NetWare, Linux, or Windows) that you want to install.

Agent Software Location

On NetWare or Windows, you can specify where you want to install the Messenger agents. By default, they are installed to drive:\novell\nm where drive represents a mapped drive letter from the perspective of the Windows machine where you will run the Messenger Installation program.

NOTE: If you install to NetWare, you cannot use long filenames in paths.

On Linux, the Messenger agents are always installed to the bin and lib subdirectories of /opt/novell/messenger.

WORKSHEET

Under Item 3: Installation Path, specify the full path to the directory where you want to install the Windows or NetWare Messenger agent software. If the directory does not exist, it will be created.

Agent Network Address and Ports

The Messenger Installation program obtains the IP address and DNS hostname of the server where you want to install the Messenger agents based on the agent software location you provide. If the server has multiple IP addresses and DNS hostnames associated with it, you can specify different information from what the Installation program obtained automatically.

In addition to the IP address and DNS host name information, the Installation program also establishes the ports on which the Messenger agents listen for service requests. By default, the Messaging Agent listens for the Messenger client on client/server port 8300, meaning that conversations take place on port 8300. By default, the Archive Agent listens for the Messenger client on client/server port 8310, meaning that archive searches take place on port 8310. If a default port number is already in use on the server, select a different port number.

If you are using IPv6 for your Messenger agents, you must use the DNS hostname instead of the IP address for the agents.

WORKSHEET

Under Item 12: Server Address, list the IP address or DNS host name of the server where you want to install the Messenger agents. If the default port numbers are in use on the server, specify unique port numbers for the Messenger agents.

Clustering Option for the Messenger Agents

Novell Cluster Services is a server clustering system that ensures high availability and manageability of critical network resources including applications (such as the Messaging Agent and the Archive Agent) and volumes (where the Messenger queues and archive reside). Novell Cluster Services supports failover, failback, and migration of individually managed cluster resources. Novell Cluster Services is only available for NetWare and OES Linux.

The Messenger agents can be configured to take advantage of the fault-tolerant environment provided by Novell Cluster Services. The Installation program adds a /cluster switch to the Messenger agent startup files. This tells the Messenger agents to use the cluster virtual server name rather than the specific server name in pathnames obtained from the Agent object properties in eDirectory or from startup switches.

In addition to Novell Cluster Services, Messenger also supports PolyServe and Heartbeat clusters. For additional information on how to install and configure PolyServe and Heartbeat clusters, see the GroupWise 8 Interoperability Guide.

WORKSHEET

Under Item 13: Configure Agents for Clustering, mark whether or not you want to configure the Messenger agents for clustering.

For more information on clustering Messenger, see the GroupWise 8 Interoperability Guide.

Linux Agent High Availability

The GroupWise High Availability service makes sure that if the Messaging Agent or the Archive Agent goes down for any reason, it starts again automatically. On NetWare, this capability is provided by using a restartable protected address space. On Windows, Microsoft Clustering Services automatically restarts a service that is not responding. On Linux, Novell Cluster Services does not include this capability, so it is built into the Novell Messenger Linux agents.

The GroupWise High Availability service (gwha) must be installed from the downloaded GroupWise 7 image or the downloaded GroupWise 8 image, depending on what version of GroupWise you are running. After the gwha service has been installed, it starts when your server boots and makes sure that the Messaging Agent and the Archive Agent are running. If it detects that one of these agents is no longer running, it immediately issues the command to start it. The High Availability service uses the GroupWise Monitor Agent to periodically check the status of the agents that it is responsible for restarting. For instructions on how to set up the High Availability service, see Section 3.2.4, Setting Up the High Availability Service. For information on configuring Monitor for the Novell Messenger agents, see Monitoring Messaging Agent Status in the Novell Messenger 2.1 Administration Guide.

Windows Server Options for the Windows Messenger Agents

You can run the Windows Messenger agents as Windows applications or as Windows services. When you run the agents as Windows services, they can run under a specific Windows user account, or they can run under the local system account, with no username or password required. As with all Windows services, you can start the agents manually or have them start automatically each time the Windows server starts.

WORKSHEET

Under Item 2: Windows Server Options, select Install Agents as Windows Services if you want to run the Messenger agents as Windows services.

If you will run the agents as Windows services, under Item 8: Windows Service Options, record the account the agents will run under (unless they will run under the local system account), and if necessary, the password for the account. Also select whether you want the service to start automatically or manually.

If you want to use an SNMP manager program, such as the Management and Monitoring Services component of Novell ZENworks for Servers, to monitor the Windows Messenger agents, you must install some SNMP components along with the Windows Messenger agent software.

WORKSHEET

Under Item 2: Windows Server Options, select Install and Configure SNMP for Novell Messenger Agents if you want to use an SNMP manager program.

If this option is dimmed during installation, the SNMP service has not been set up on the Windows server where you are installing the Messenger agents. If you want to monitor the agents from an SNMP management program, the SNMP service must be enabled so you can select this option. For information about setting up SNMP on a Windows server, see Using SNMP Monitoring Programs in Managing the Messaging Agent in the Novell Messenger 2.1 Administration Guide.